1. Field of the Invention
The present invention relates generally to computer systems and, in particular, to a method and security system scheme for controlling user access to and manipulation of rows of data within a table residing in a database.
2. Description of Related Art
The rapid growth of personal computers, internet applications, and distributed computing, along with expanded personal security requirements, has proliferated the need for security systems that limit access to database information to authorized users. Computer-accessible databases are well known and typically configure data in tables having rows and columns. In these database systems, it is usual for a number of users to be able to interact with the system and to utilize the database. However, problems occur where the database contains information or data which is in some way sensitive or confidential, or which is to be available only to a certain user or a member of a certain class of users.
In order to restrict the data available to the user or class of users, security schemes are commonly implemented in relation to these databases in order to secure the information contained therein. Over the years, a number of security systems have been developed for controlling and maintaining which users have access to information contained within tables residing on a database.
For example, database software exists for securing data within tables in the database whereby the data contained in the database, or the server tables thereof, is secured in horizontal or vertical manners. Such systems include software that limits access to entire server tables to authorized users, as well as software that limits access to selected rows or columns of individual tables to authorized users. This is done by an administrator of the system using predefined software syntax to define one or more subsets of the tables, known generally as views. Views are subsets of data that are typically used to limit a user's access to data within tables, either by hiding certain columns and rows from the user's viewing or, alternatively, by limiting the user's access to specifically designated columns and rows. Often, a view will limit a user's access to data within a table by matching the user with their respective user log-on identification (ID) that is stored in the server computer.
However, when a table within a database contains a large number of data rows, or horizontal data slices, the use of views is limited, as the administrator of the system must create an individual view for every row of data within the table. Where a table contains an exceedingly large number of data rows, such as thousands of data rows, the administrator would be required to create views for all of these data rows. Not only is this process time consuming and tedious, it is also less than desirable because the data row security may change over time. When a data row security parameter changes, or requires changing, any views that reflect these changes must also be created before the new security can be used, thus making this process even more time consuming and tedious.
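The log-on ID matching that the views described above rely on, shown as an added SQL example (not part of the patent text): one view filters rows by comparing an owner column against the session user, and the base table is withheld from users so that the view is the only path to the data. The table, column and role names are assumptions for illustration.

```sql
-- Added example, not from the patent: a single view keyed on the session's
-- log-on ID. Assumed names: table case_notes, column owner_login, role app_users.

CREATE TABLE case_notes (
    note_id      INTEGER PRIMARY KEY,
    owner_login  VARCHAR(64) NOT NULL,   -- log-on ID of the user who owns the row
    body         TEXT NOT NULL
);

-- Constructed sample rows belonging to two different log-on IDs.
INSERT INTO case_notes VALUES
    (1, 'alice', 'alice''s first note'),
    (2, 'bob',   'bob''s note'),
    (3, 'alice', 'alice''s second note');

-- The view returns only the rows whose owner_login matches the session user.
CREATE VIEW my_case_notes AS
    SELECT note_id, body
      FROM case_notes
     WHERE owner_login = CURRENT_USER;

-- The filter is only meaningful while users cannot reach the base table directly.
REVOKE ALL ON case_notes FROM app_users;
GRANT SELECT ON my_case_notes TO app_users;

-- Connected as alice this returns rows 1 and 3; connected as bob, row 2 only.
SELECT note_id, body FROM my_case_notes;
```

Changing a row's owner_login changes who can see it without defining a new view, but the check still fixes the access rule at a single column, and any later grant on case_notes itself silently bypasses the view.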
Another example of the existing software for securing data within tables in a database, or server tables, works by replicating the data within such tables. In replication processes, each user is provided with its own copy of the data table, or of that part of the data table the user is attempting to access, to which it is appropriate for the particular user to have access. Replication software requires that this data be replicated for each individual user, thus resulting in at least some of the data existing in more than one copy. Once any data row is changed or altered by any of the authorized users, the same data rows within each replicated copy must also be modified to reflect the particular changes made. This is not only time consuming and tedious, but replication software is also very ineffective and inefficient in terms of memory usage.
Other methods and systems of securing data within a table residing on a database include controlling access to such data by associating security tags with each user and/or each data row in the tables. Security tags typically indicate that the data with which they are associated have particular attributes, such as security classifications. However, as security tags exist for each row of data within the table, the storage of such security tags consumes a significant amount of memory, and such systems are thus also inefficient in terms of memory usage as well as being time consuming and tedious.
Data residing in tables on a database can also be secured using a single security authority within the tables, such as securing access to data based on a user's logon identification. However, screening data using such systems requires that the server determine those rows of data that are inaccessible to certain users, which often takes an exceedingly long time, particularly when there are numerous rows of data. Further, these security systems continually restrict user access to all tables that the user is not given authority to access, thereby also restricting users from read-only access to such tables. These continually denied requests for access to tables that a user is not authorized to access can be both frustrating and time consuming for the end user, as well as being inefficient and ineffective in providing security for future generations of technology.
As the computer-related arts continue to grow and expand with new technology, continued efforts in preventing unauthorized users from accessing restricted data within tables residing in a database on a network are required. Otherwise, not only will confidential information be obtained by these unauthorized persons, but the table, database and network would also be open to acts of sabotage.
Thus, a need continues to exist for providing improved security systems that effectively and efficiently restrict unauthorized users from accessing database information, particularly data within a table, on a network.